The term APT (or advanced persistent threat) is used to describe complex, custom-built attacks that businesses face today.
While mid-size to large organizations in specific industries face advanced attacks with medium complexity, incidents involving large corporations, nations, and even governments are the ones that usually make it to the media. These breaches often occur because of highly advanced attacks, known as advanced persistent threats that are highly sophisticated, and use custom-made tools and techniques. Because of that, they’re successful in evading traditional in-guest security mechanisms and remain undetected a very long time.
Unlike common malware, targeted attacks use an advanced piece of malware (e.g. rootkits, kernel exploits) designed to cloak the infiltration of the system. Once this tool is installed, no software inside the machine can detect or remove the malware. Even advanced security solutions have difficulties discovering them, if those security solutions are in-guest.
When trying to detect an attack, traditional detection technologies look for who tries to initiate the attack or for signs of malicious behavior, or what an attack looks like. The issue with this approach is that new malware appears every day and detecting it in real-time is becoming more than a challenge. Plus, advanced attacks usually employ memory manipulation techniques, such as buffer overflow, or code injection, that are not usually detected by traditional detection technologies.
But what if your security solution does NOT rely on information coming from the operating system? What if there were a way for a security technology to SEE past these attacks, and look directly at what’s being executed within the memory of each virtual machine, from OUTSIDE the operating system?
Our hypervisor introspection knows what attacks look like at a memory level – even if within the OS, everything looks normal – as malware inevitably leaves certain traces in the memory space. This is a paradigm shift, as the number of techniques for using exploits remains very small. All of them focus on misusing memory or utilizing bugs in software to get malicious code executed.
Think of it this way: if traditional endpoint security technologies need to cope with millions of malicious samples and accurately identify them, Bitdefender hypervisor introspection focuses on the attack techniques that all those malware samples have in common. Code injection, function detouring and API hooking can easily be detected without knowing beforehand the actual vulnerabilities that attackers use. Additionally, thanks to this unique approach, an attack can be prevented even when it’s using valid certificates.
As a completely AGENTLESS security technology, it simply PLUGS IN ON TOP OF YOUR existing SECURITY SOLUTION.
Bitdefender Hypervisor Introspection does not require an agent to run in each VM, as it detects and secures infrastructures directly at hypervisor-level, through a security virtual appliance. This is why, unlike other vendors that require you to remove your endpoint protection and replace it with theirs, Bitdefender Hypervisor Introspection complements your existing security tools.
For more information about Bitdefender Hypervisor Introspection, how it works, or to simply request a demo, please check out bitdefender.com/HV